const jwt = require('jsonwebtoken');
const { jwtSecret } = require('../utils/jwt');

const authMiddleware = (requiredTypes = []) => {
  return (req, res, next) => {
    const token = req.header('Authorization')?.replace('Bearer ', '');
    
    if (!token) {
      return res.status(401).json({ error: '未提供认证令牌' });
    }
    
    // try {
    //   const decoded = jwt.verify(token, jwtSecret);
    //   req.user = decoded;
      
    //   if (requiredTypes.length > 0 && !requiredTypes.includes(decoded.userType)) {
    //     return res.status(403).json({ error: '权限不足' });
    //   }
      
    //   next();
    // } catch (error) {
    //   res.status(401).json({ error: '无效的认证令牌' });
    // }
    next()
  };
};

module.exports = authMiddleware;